diff --git a/objects/blog/definition.json b/objects/blog/definition.json
index b471525..97980b6 100644
--- a/objects/blog/definition.json
+++ b/objects/blog/definition.json
@@ -9,7 +9,7 @@
 "misp-attribute": "text"
 },
 "title": {
- "description": "Raw post.",
+ "description": "Title of blog post.",
 "ui-priority": 1,
 "misp-attribute": "text"
 },
@@ -23,6 +23,12 @@
 "ui-priority": 1,
 "misp-attribute": "link"
 },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
 "type": {
 "description": "Type of blog post.",
 "ui-priority": 1,
@@ -88,7 +94,7 @@
 "misp-attribute": "text"
 }
 },
- "version": 12,
+ "version": 13,
 "description": "Blog post like Medium or WordPress.",
 "meta-category": "misc",
 "uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1",
diff --git a/objects/forged-document/definition.json b/objects/forged-document/definition.json
index 5ed512e..f8a8f7a 100644
--- a/objects/forged-document/definition.json
+++ b/objects/forged-document/definition.json
@@ -29,11 +29,14 @@
 "ui-priority": 1,
 "misp-attribute": "text",
 "disable_correlation": true,
+ "multiple": true,
 "sane_default": [
 "email",
 "letterhead",
 "speech",
 "literature",
+ "blog",
+ "microblog",
 "photo",
 "audio",
 "invoice",
@@ -66,6 +69,12 @@
 "ui-priority": 1,
 "misp-attribute": "link"
 },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
 "objective": {
 "description": "Objective of the forged document.",
 "ui-priority": 1,
@@ -92,7 +101,7 @@
 "misp-attribute": "datetime"
 }
 },
- "version": 5,
+ "version": 7,
 "description": "Object describing a forged document.",
 "meta-category": "file",
 "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
diff --git a/objects/leaked-document/definition.json b/objects/leaked-document/definition.json
index 88fc133..6adf927 100644
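Review bot: The `archive` description added in objects/blog/definition.json (hunk `@@ -23,6 +23,12 @@`) is the generic string "Archive of the original document (…)", and the same text is pasted unchanged into forged-document, leaked-document, meme-image, microblog and news-agency, so the blog, microblog, meme and agency templates describe a "document" they do not model. news-media already adapts the wording (`"Archive of the news (Internet Archive, Archive.is, etc)."`); the same per-object wording would fit here, e.g. `"description": "Archive of the blog post (Internet Archive, Archive.is, etc)."`. Because the attribute is typed `link`, which the other descriptions in this commit label "Supposed harmless", it may also be worth stating in the description that an archived snapshot can reproduce the content of a hostile original.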
--- a/objects/leaked-document/definition.json
+++ b/objects/leaked-document/definition.json
@@ -34,6 +34,7 @@
 "ui-priority": 1,
 "misp-attribute": "text",
 "disable_correlation": true,
+ "multiple": true,
 "sane_default": [
 "email",
 "letterhead",
@@ -71,6 +72,12 @@
 "ui-priority": 1,
 "misp-attribute": "link"
 },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
 "objective": {
 "description": "Reason for leaking the document.",
 "ui-priority": 1,
@@ -98,7 +105,7 @@
 "misp-attribute": "datetime"
 }
 },
- "version": 5,
+ "version": 6,
 "description": "Object describing a leaked document.",
 "meta-category": "file",
 "uuid": "ea145ecd-b3c2-4f57-ac11-c16e883c4247",
diff --git a/objects/meme-image/definition.json b/objects/meme-image/definition.json
index eb59d9f..edb88ec 100644
--- a/objects/meme-image/definition.json
+++ b/objects/meme-image/definition.json
@@ -66,6 +66,12 @@
 "ui-priority": 1,
 "misp-attribute": "link"
 },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
 "objective": {
 "description": "Objective of the meme.",
 "ui-priority": 1,
@@ -92,7 +98,7 @@
 "misp-attribute": "datetime"
 }
 },
- "version": 5,
+ "version": 6,
 "description": "Object describing a meme (image).",
 "meta-category": "file",
 "uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6",
diff --git a/objects/microblog/definition.json b/objects/microblog/definition.json
index 309c11e..cb825fe 100644
--- a/objects/microblog/definition.json
+++ b/objects/microblog/definition.json
@@ -19,6 +19,18 @@
 "misp-attribute": "link",
 "to_ids": false
 },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
+ "attachment": {
+ "description": "The microblog post file or screen capture.",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "attachment"
+ },
 "type": {
 "description": "Type of the microblog post",
 "ui-priority": 1,
@@ -43,6 +55,8 @@
 "values_list": [
 "Informative",
 "Malicious",
+ "Misinformation",
+ "Disinformation",
 "Unknown"
 ]
 },
@@ -103,7 +117,7 @@
 "multiple": true
 }
 },
- "version": 12,
+ "version": 16,
 "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
 "meta-category": "misc",
 "uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
diff --git a/objects/news-agency/definition.json b/objects/news-agency/definition.json
new file mode 100644
index 0000000..9df81c2
--- /dev/null
+++ b/objects/news-agency/definition.json
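Review bot: The new `attachment` attribute in objects/microblog/definition.json (hunk `@@ -19,6 +19,18 @@`) is described only as "The microblog post file or screen capture." and does not say what must not be uploaded, although a `values_list` in the same file offers "Malicious" as a value. To my knowledge MISP stores and serves `attachment` values as plain files, whereas `malware-sample` is packed into a password-protected archive, so a hostile file saved under this attribute is handed as-is to every analyst who downloads it. I would state the limit in the description, e.g. `"description": "Screen capture or benign export of the microblog post (do not upload malicious files here)."`. The `attachment` attributes added in news-agency and news-media have the same gap.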
@@ -0,0 +1,73 @@
+{
+ "requiredOneOf": [
+ "name",
+ "alias"
+ ],
+ "attributes": {
+ "name": {
+ "description": "Name of the news agency.",
+ "disable_correlation": false,
+ "ui-priority": 100,
+ "misp-attribute": "text"
+ },
+ "alias": {
+ "description": "Alias of the news agency.",
+ "ui-priority": 99,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "archive": {
+ "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
+ "attachment": {
+ "description": "The news file, screen capture, audio, etc.",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "attachment"
+ },
+ "url": {
+ "description": "Original URL location of the news agency (potentially malicious).",
+ "ui-priority": 1,
+ "misp-attribute": "url",
+ "multiple": true
+ },
+ "link": {
+ "description": "Original link to the news agency (Supposed harmless).",
+ "ui-priority": 1,
+ "misp-attribute": "link",
+ "multiple": true
+ },
+ "phone-number": {
+ "description": "Phone number of the news agency.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "fax-number": {
+ "description": "Fax number of the news agency.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "address": {
+ "description": "Postal address of the news agency.",
+ "ui-priority": 10,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "e-mail": {
+ "description": "Email address of the organization.",
+ "ui-priority": 10,
+ "misp-attribute": "email-src",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "News agencies compile news and disseminate news in bulk.",
+ "meta-category": "misc",
+ "uuid": "92b3f7fd-c4bc-42af-a73b-033ace439622",
+ "name": "news-agency"
+}
diff --git a/objects/news-media/definition.json b/objects/news-media/definition.json
new file mode 100644
index 0000000..10bd39d
--- /dev/null
+++ b/objects/news-media/definition.json
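Review bot: The `e-mail` attribute in the new objects/news-agency/definition.json is typed `email-src` with no `to_ids` override, and as far as I know `email-src` is IDS-flagged by default in MISP, so the contact address of a legitimate agency could land in detection exports and raise alerts on ordinary press mail. The microblog template in this same commit already carries `"to_ids": false` on its `link` attribute; adding the same line, `"to_ids": false`, to `e-mail` here and to the identical attribute in news-media would keep contact data out of the indicator feed. The description also still reads "Email address of the organization." where the sibling attributes say "news agency", which looks like a leftover from the template it was copied from.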
@@ -0,0 +1,127 @@
+{
+ "requiredOneOf": [
+ "source",
+ "alias"
+ ],
+ "attributes": {
+ "source": {
+ "description": "Name of the news source.",
+ "disable_correlation": false,
+ "ui-priority": 100,
+ "misp-attribute": "text"
+ },
+ "alias": {
+ "description": "Alias of the news source.",
+ "ui-priority": 99,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "content": {
+ "description": "Raw content of the news.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "transcription": {
+ "description": "Transcribed audio/visual content.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "title": {
+ "description": "Title of the post.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "archive": {
+ "description": "Archive of the news (Internet Archive, Archive.is, etc).",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "link"
+ },
+ "attachment": {
+ "description": "The news file, screen capture, audio, etc.",
+ "ui-priority": 1,
+ "multiple": true,
+ "misp-attribute": "attachment"
+ },
+ "type": {
+ "description": "Type of news media (newspaper, TV, podcast, etc).",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Newspaper",
+ "Newspaper (Online)",
+ "Magazine",
+ "Magazine (Online)",
+ "TV",
+ "Tube",
+ "Radio",
+ "Radio (Online)",
+ "Podcast",
+ "Alternative Media",
+ "Other"
+ ]
+ },
+ "sub-type": {
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "description": "Format of the news post (business daily, local news, metasite, etc).",
+ "disable_correlation": true,
+ "values_list": [
+ "Business Daily",
+ "Local News",
+ "State News",
+ "National News",
+ "Metasite",
+ "Political Commentary",
+ "Clipper",
+ "Pressure Group",
+ "Staging",
+ "Trade Site",
+ "Other"
+ ]
+ },
+ "url": {
+ "description": "Original URL location of news (potentially malicious).",
+ "ui-priority": 1,
+ "misp-attribute": "url",
+ "multiple": true
+ },
+ "link": {
+ "description": "Original link to news (Supposed harmless).",
+ "ui-priority": 1,
+ "misp-attribute": "link",
+ "multiple": true
+ },
+ "phone-number": {
+ "description": "Phone number of the news source.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "fax-number": {
+ "description": "Fax number of the news source.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "address": {
+ "description": "Postal address of the news source.",
+ "ui-priority": 10,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "e-mail": {
+ "description": "Email address of the news source.",
+ "ui-priority": 10,
+ "misp-attribute": "email-src",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "News media are forms of mass media deliverings news to the general public.",
+ "meta-category": "misc",
+ "uuid": "691463c5-5302-4847-9bec-4c56ccfec677",
+ "name": "news-media"
+}
diff --git a/objects/user-account/definition.json b/objects/user-account/definition.json
index 203bb28..2f68dbb 100644
--- a/objects/user-account/definition.json
+++ b/objects/user-account/definition.json
@@ -3,7 +3,7 @@
 "uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
 "meta-category": "misc",
 "description": "",
- "version": 1,
+ "version": 2,
 "requiredOneOf": [
 "password",
 "username",
@@ -54,6 +54,11 @@
 "windows-domain"
 ]
 },
+ "link": {
+ "description": "Original link into the account page (Supposed harmless)",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
 "is_service_account": {
 "description": "Specifies if the account is associated with a network service.",
 "disable_correlation": true,
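Review bot: The object-level description in the new objects/news-media/definition.json has a typo that will show wherever the template is listed: "deliverings news" should read `"description": "News media are forms of mass media delivering news to the general public."`. In the same file the `type` `sane_default` entry `"Tube"` is ambiguous next to "TV" and "Podcast"; if it is meant to cover online video platforms, a spelled-out label would make analysts' choices more consistent.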